

Fig. 3 (box labels, in order of appearance): Determine Entitlement in Headend (304); Send Entitlement with Signature and Object to Network; Receive Entitlement and Object in Set Top Box; Correlate Entitlement to Object; Extract Key from Entitlement; Decrypt Object; Store Object.



Fig. 4 (box labels, in order of appearance): Calculate Signature in Headend; Send Signature and Object to Network; Receive Signature and Object in Set Top Box; Correlate Signature to Object (416); Recalculate Signature in Set Top Box; Store Object; Discard Object.



Fig. 5 (box labels, in order of appearance): Authorization Header; Authorization Data Structure; Signature; Checksum.




Fig. 6 



[Figure box labels, in order of appearance: Authorization Header; Authorization Data Structure; Object Header; Object.]




Fig. 8 



Fig. 7 



Fig. 10 (box labels, in order of appearance): Read Authorization & Object Messages from Storage Device; Load Object Message Into Access Control Processor (ACP); Load Authorization Message Into ACP; Calculate New Signature Over Signatory Group; Load Object Into Memory & Execute; ACP Discards Object & Notifies OS.



Fig. 11 (box labels, in order of appearance): Save Object Message in Storage Device in Encrypted Form; Read Authorization & Object Message from Storage Device; Load Key & Object Message Into Access Control Processor (ACP); Decrypt Object; Plaintext Object Returned to OS.



Fig. 12 (box labels, in order of appearance): Read Authorization Message from Storage Device; Load Authorization Message Into Access Control Processor (ACP); ACP Checks for Entitlements & Keys for Object; OS Loads Object Into Memory & Executes; OS Notified & Object Discarded.



Fig. 13 (box labels, in order of appearance): Read Object from Storage Device; Recalculate Signature After Loading Object Into Memory; Wait for Next Scheduled Checkpoint; Perform Authentication & Authorization Using Recalculated Signature; Object Removed from Memory & Discarded.



Fig. 14A (box labels, in order of appearance; some boxes did not survive extraction): Read Object from Storage Memory; Load Object Into Program Execution Memory; Object Removed from Memory & Discarded.



Fig. 14B (box labels, in order of appearance): Read Object from Storage Memory; Load Object Into Program Execution Memory; Set Usage Counter; User Samples Object; Increment Usage Counter; Object Remains in Memory; Object Removed from Memory & Discarded.



Fig. 15A (box labels, in order of appearance): Set Reportback Timer; Monitor Network for Reportback.



Fig. 15B (box labels, in order of appearance): Set Reportback Timer; Independently Determine When the Next Checkpoint Should Occur; Determine If Authorization and/or Authentication Is Properly Performed; decision "Checkpoint Performed?"; ACP Reports Error to Headend.



Fig. 15C (box labels, in order of appearance): Record Time of Last OS Checkpoint Observed by ACP; Begin Countdown Timer; ACP Reports Error to Headend.



Fig. 16A (box labels, in order of appearance): Determine Portion of Object to Encrypt as Token; Encrypt Portion as Token; Send Remainder of Object and Token to Set Top Box; Send Key for Token on an Encrypted Channel; Receive Purchase Information; Debit User Account; Update Authorization and Send New Rights Message.



Fig. 16B (box labels, in order of appearance): Receive Ciphertext Token & Remainder of Object; Save Plaintext Remainder and Ciphertext Token in Storage Memory; Receive Key and Store In ACP; decision "User Purchase Object?"; Decrypt Token; Pass Plaintext Token to OS; Plaintext Token Integrated with Remainder of Object; Report Purchase to Headend.



Fig. 16C (box labels, in order of appearance): Receive Plaintext Remainder of Object; Save Plaintext Remainder in Storage Memory; decision "User Purchase Object?"; Report Purchase to Headend; Receive Missing Plaintext Portion; Integrate Plaintext Portion with Remainder of Object; Receive New Rights Message with Authorization for Object.



Fig. 17 (box labels, in order of appearance): Java Applications; HTML; Java Virtual Machine; Drivers; Resources; Data Files; Applications; Operating System; BIOS; Hardware.



